I've had the case with SharePoint 2010 site collection what was set during creation to use UserAccountDirectoryPath to specific OU. It created w/o exceptions but wasn't following the restriction instead People Picker showed all AD users.

I've noticed that some site collection properties being check through a browser throw exceptions. I've deleted and re-created site collection and it helped. How can i check if site collection admin can add users from AD? I've tried a couple of PS and object model scripts but failed.
Maybe there's way to check a site collection health?

1 Answer
1

Another nice feature is the UserAcountDirectoryPath parameter, which defines
a scope for user accounts, meaning that only accounts within the organizational unit
can be added as members of the site collection. People pickers will also be limited
to this scope. The following example limits the scope to the Company/Site/Users
organizational unit.